jose

package
v0.0.0-...-2537f40 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 9, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package jose provides JavaScript Object Signing and Encryption (JOSE).

Index

Constants

// Namespace strings for the validator and signer halves of this package.
// NOTE(review): presumably the keys under which each endpoint's JOSE settings
// are looked up in its configuration (GetSignatureConfig and NewSigner both
// take a *config.EndpointConfig) — confirm against the implementation.
const (
	ValidatorNamespace = "github.com/starvn/sonic/auth/jose/validator"
	SignerNamespace    = "github.com/starvn/sonic/auth/jose/signer"
)

Variables

// Errors describing an untrusted JWK source.
var (
	// ErrInsecureJWKSource reports that the JWK client is using an insecure
	// connection to the JWK service.
	// NOTE(review): presumably returned when the JWK URI is not protected by
	// TLS and SecretProviderConfig.AllowInsecure is false — confirm. Callers
	// should treat it as a configuration failure, not as a transient error.
	ErrInsecureJWKSource = errors.New("JWK client is using an insecure connection to the JWK service")
	// ErrPinnedKeyNotFound reports that the JWK client did not find a pinned key.
	// NOTE(review): presumably raised when none of the configured Fingerprints
	// matches what the JWK service presents — confirm what is being compared.
	ErrPinnedKeyNotFound = errors.New("JWK client did not find a pinned key")
)
// Errors for a missing validator or signer configuration.
// NOTE(review): whether an endpoint without validator config is then served
// unauthenticated or refused is decided by the caller, which is not visible
// here — confirm how these errors are handled.
var (
	// ErrNoValidatorCfg reports that no validator config is present.
	ErrNoValidatorCfg = errors.New("no validator config")
	// ErrNoSignerCfg reports that no signer config is present.
	ErrNoSignerCfg    = errors.New("no signer config")
)
// Key-lookup errors and the MaxKeyAgeNoCheck duration value.
var (
	// ErrNoKeyFound reports that no keys have been found.
	ErrNoKeyFound    = errors.New("no Keys have been found")
	// ErrKeyExpired reports that a key exists but is expired.
	ErrKeyExpired    = errors.New("key exists but is expired")
	// MaxKeyAgeNoCheck is a negative duration (-1 nanosecond).
	// NOTE(review): the name suggests that passing it as maxKeyAge to
	// NewMemoryKeyCacher disables expiry, so a cached key would keep being
	// used after the issuer rotates or withdraws it — confirm, and prefer a
	// bounded age where key rotation matters.
	MaxKeyAgeNoCheck = time.Duration(-1)
)

Functions

func CalculateHeadersToPropagate

func CalculateHeadersToPropagate(propagationCfg [][]string, claims map[string]interface{}) (map[string]string, error)

func CanAccess

func CanAccess(roleKey string, claims map[string]interface{}, required []string) bool

func CanAccessNested

func CanAccessNested(roleKey string, claims map[string]interface{}, required []string) bool

func CompoundX5TKeyIDGetter

func CompoundX5TKeyIDGetter(key *jose.JSONWebKey) string

func CompoundX5TTokenKeyIDGetter

func CompoundX5TTokenKeyIDGetter(token *jwt.JSONWebToken) string

func DecodeFingerprints

func DecodeFingerprints(in []string) ([][]byte, error)

func DefaultKeyIDGetter

func DefaultKeyIDGetter(key *jose.JSONWebKey) string

func DefaultTokenKeyIDGetter

func DefaultTokenKeyIDGetter(token *jwt.JSONWebToken) string

func NewSigner

func NewSigner(cfg *config.EndpointConfig, te auth0.RequestTokenExtractor) (*SignerConfig, Signer, error)

func NewValidator

func NewValidator(signatureConfig *SignatureConfig, ef ExtractorFactory) (*auth0.JWTValidator, error)

func ScopesAllMatcher

func ScopesAllMatcher(scopesKey string, claims map[string]interface{}, requiredScopes []string) bool

func ScopesAnyMatcher

func ScopesAnyMatcher(scopesKey string, claims map[string]interface{}, requiredScopes []string) bool

func ScopesDefaultMatcher

func ScopesDefaultMatcher(scopesKey string, claims map[string]interface{}, requiredScopes []string) bool

func SignFields

func SignFields(keys []string, signer Signer, response *proxy.Response) error

func X5TKeyIDGetter

func X5TKeyIDGetter(key *jose.JSONWebKey) string

func X5TTokenKeyIDGetter

func X5TTokenKeyIDGetter(token *jwt.JSONWebToken) string

Types

type ChainedRejecterFactory

type ChainedRejecterFactory []RejecterFactory

func (ChainedRejecterFactory) New

type Claims

type Claims map[string]interface{}

func (Claims) Get

func (c Claims) Get(name string) (string, bool)

type Dialer

// Dialer is built by NewDialer from a SecretProviderConfig and exposes
// DialContext and DialTLS, both returning a net.Conn.
// NOTE(review): presumably the place where the config's Fingerprints, Cs and
// LocalCA are applied to connections to the JWK service — confirm; its fields
// are not shown on this page.
type Dialer struct {
	// contains filtered or unexported fields
}

func NewDialer

func NewDialer(cfg SecretProviderConfig) *Dialer

func (*Dialer) DialContext

func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error)

func (*Dialer) DialTLS

func (d *Dialer) DialTLS(network, addr string) (net.Conn, error)

type ExtractorFactory

type ExtractorFactory func(string) func(r *http.Request) (*jwt.JSONWebToken, error)

type FileKeyCacher

// FileKeyCacher is a key store created by NewFileKeyCacher from a byte slice
// and a key-identification strategy. Its Add method leaves the key-slice
// parameter unnamed, so keys passed to Add are not read by it.
// NOTE(review): presumably the keys come only from the data given at
// construction (cf. the jwk_local_path setting) — confirm.
type FileKeyCacher struct {
	// contains filtered or unexported fields
}

func NewFileKeyCacher

func NewFileKeyCacher(data []byte, keyIdentifyStrategy string) (*FileKeyCacher, error)

func (*FileKeyCacher) Add

func (f *FileKeyCacher) Add(keyID string, _ []jose.JSONWebKey) (*jose.JSONWebKey, error)

func (*FileKeyCacher) Get

func (f *FileKeyCacher) Get(keyID string) (*jose.JSONWebKey, error)

type FixedRejecter

// FixedRejecter is a bool with a Reject method whose claims parameter is
// unnamed, so the claims are never inspected.
// NOTE(review): presumably Reject returns the bool value itself, making
// FixedRejecter(true) refuse every token and FixedRejecter(false) none —
// confirm before relying on either polarity.
type FixedRejecter bool

func (FixedRejecter) Reject

func (f FixedRejecter) Reject(_ map[string]interface{}) bool

type JWKClient

// JWKClient embeds *auth0.JWKClient and adds unexported fields. It is
// returned by NewJWKClientWithCache and SecretProvider and declares its own
// GetSecret(*http.Request) method.
// NOTE(review): because the auth0 client is embedded, its exported methods
// are promoted as well; whether they apply the same key-identification
// strategy as GetSecret cannot be told from this page — confirm.
type JWKClient struct {
	*auth0.JWKClient
	// contains filtered or unexported fields
}

func NewJWKClientWithCache

func NewJWKClientWithCache(options JWKClientOptions, extractor auth0.RequestTokenExtractor, keyCacher auth0.KeyCacher) *JWKClient

func SecretProvider

func SecretProvider(cfg SecretProviderConfig, te auth0.RequestTokenExtractor) (*JWKClient, error)

func (*JWKClient) GetSecret

func (j *JWKClient) GetSecret(r *http.Request) (interface{}, error)

type JWKClientOptions

// JWKClientOptions extends auth0.JWKClientOptions (embedded) with the
// strategy used to identify keys.
type JWKClientOptions struct {
	auth0.JWKClientOptions
	// KeyIdentifyStrategy is a strategy name as accepted by
	// KeyIDGetterFactory and TokenIDGetterFactory.
	// NOTE(review): the accepted values and the behaviour for an unknown or
	// empty value are not shown here — confirm.
	KeyIdentifyStrategy string
}

type KeyCacher

// KeyCacher stores and looks up JSON Web Keys by key ID.
// NOTE(review): ErrNoKeyFound and ErrKeyExpired are presumably the errors Get
// returns for a miss and for a stale entry — confirm per implementation.
type KeyCacher interface {
	// Get returns the key stored under keyID, or an error.
	Get(keyID string) (*jose.JSONWebKey, error)
	// Add is given a key ID and a slice of keys and returns one key or an
	// error. NOTE(review): presumably the returned key is the element of
	// webKeys that matches keyID — confirm.
	Add(keyID string, webKeys []jose.JSONWebKey) (*jose.JSONWebKey, error)
}

func NewMemoryKeyCacher

func NewMemoryKeyCacher(maxKeyAge time.Duration, maxCacheSize int, keyIdentifyStrategy string) KeyCacher

type KeyIDGetter

// KeyIDGetter derives the string under which a JSON Web Key is identified.
// KeyIDGetterFactory picks an implementation from a strategy string; the
// package exports DefaultKeyIDGetter, X5TKeyIDGetter and
// CompoundX5TKeyIDGetter with the matching signature.
// NOTE(review): the key-side and token-side getters (TokenIDGetter) must use
// the same strategy for lookups to match; the fallback for an unrecognised
// strategy is not shown here — confirm.
type KeyIDGetter interface {
	Get(*jose.JSONWebKey) string
}

func KeyIDGetterFactory

func KeyIDGetterFactory(keyIdentifyStrategy string) KeyIDGetter

type KeyIDGetterFunc

type KeyIDGetterFunc func(*jose.JSONWebKey) string

func (KeyIDGetterFunc) Get

func (f KeyIDGetterFunc) Get(key *jose.JSONWebKey) string

type MemoryKeyCacher

// MemoryKeyCacher has Add and Get methods with the KeyCacher signatures.
// NOTE(review): presumably the concrete type behind NewMemoryKeyCacher, with
// maxKeyAge and maxCacheSize bounding entry lifetime and count — confirm;
// its fields are not shown on this page.
type MemoryKeyCacher struct {
	// contains filtered or unexported fields
}

func (*MemoryKeyCacher) Add

func (mkc *MemoryKeyCacher) Add(keyID string, downloadedKeys []jose.JSONWebKey) (*jose.JSONWebKey, error)

func (*MemoryKeyCacher) Get

func (mkc *MemoryKeyCacher) Get(keyID string) (*jose.JSONWebKey, error)

type NopRejecterFactory

type NopRejecterFactory struct{}

func (NopRejecterFactory) New

type Rejecter

// Rejecter makes a yes/no decision over a claims map.
// NOTE(review): presumably a true result means the token must be refused even
// though its signature verified (e.g. a revocation check) — confirm the
// polarity before writing an implementation.
type Rejecter interface {
	Reject(map[string]interface{}) bool
}

type RejecterFactory

// RejecterFactory builds a Rejecter from a logger and an endpoint
// configuration. ChainedRejecterFactory, NopRejecterFactory and
// RejecterFactoryFunc each declare a New method.
// NOTE(review): how a chain combines its members' decisions is not shown on
// this page — confirm.
type RejecterFactory interface {
	New(log.Logger, *config.EndpointConfig) Rejecter
}

type RejecterFactoryFunc

type RejecterFactoryFunc func(log.Logger, *config.EndpointConfig) Rejecter

func (RejecterFactoryFunc) New

type RejecterFunc

type RejecterFunc func(map[string]interface{}) bool

func (RejecterFunc) Reject

func (r RejecterFunc) Reject(v map[string]interface{}) bool

type SecretProviderConfig

// SecretProviderConfig is the input to SecretProvider and NewDialer.
// The per-field notes below are inferred from names and from the other
// declarations on this page; none of the consuming code is visible here.
type SecretProviderConfig struct {
	// URI: presumably the location of the JWK set — confirm.
	URI                 string
	CacheEnabled        bool
	// CacheDuration: unit not shown on this page — confirm.
	CacheDuration       uint32
	// Fingerprints: raw byte strings, the same shape DecodeFingerprints
	// returns. NOTE(review): presumably pinned fingerprints for the JWK
	// service (cf. ErrPinnedKeyNotFound) — confirm hash and what is hashed.
	Fingerprints        [][]byte
	// Cs: presumably TLS cipher-suite IDs (SignatureConfig.CipherSuites has
	// the same []uint16 type) — confirm.
	Cs                  []uint16
	// LocalCA: presumably a CA certificate, or a path to one, trusted in
	// addition to the system pool — confirm.
	LocalCA             string
	// AllowInsecure: NOTE(review): presumably suppresses
	// ErrInsecureJWKSource and allows keys to be fetched over an
	// unprotected connection, which would let an on-path party substitute
	// the verification keys — confirm, and keep false in production.
	AllowInsecure       bool
	LocalPath           string
	SecretURL           string
	// CipherKey: presumably secret key material — confirm, and keep it out
	// of logs and dumps of this struct.
	CipherKey           []byte
	KeyIdentifyStrategy string
}

type SignatureConfig

// SignatureConfig is the validator configuration returned by
// GetSignatureConfig and consumed by NewValidator. Every field carries a
// JSON tag; the tag, not the Go field name, is what a config file must use.
// The per-field notes below are inferred from names and tags; the code that
// reads these fields is not visible on this page.
type SignatureConfig struct {
	// Alg: NOTE(review): presumably the single signature algorithm accepted
	// on incoming tokens — confirm that a token announcing a different
	// "alg" is refused.
	Alg                     string     `json:"alg"`
	// URI is configured as "jwk_url".
	URI                     string     `json:"jwk_url"`
	CacheEnabled            bool       `json:"cache,omitempty"`
	// CacheDuration: unit not shown on this page — confirm.
	CacheDuration           uint32     `json:"cache_duration,omitempty"`
	// Issuer and Audience are optional in the JSON.
	// NOTE(review): whether leaving them empty skips the iss/aud checks
	// cannot be told from here — confirm, since an unchecked audience lets
	// a token minted for another service be replayed here.
	Issuer                  string     `json:"issuer,omitempty"`
	Audience                []string   `json:"audience,omitempty"`
	Roles                   []string   `json:"roles,omitempty"`
	// PropagateClaimsToHeader has the same [][]string shape as the first
	// parameter of CalculateHeadersToPropagate.
	PropagateClaimsToHeader [][]string `json:"propagate_claims,omitempty"`
	RolesKey                string     `json:"roles_key,omitempty"`
	RolesKeyIsNested        bool       `json:"roles_key_is_nested,omitempty"`
	CookieKey               string     `json:"cookie_key,omitempty"`
	CipherSuites            []uint16   `json:"cipher_suites,omitempty"`
	// DisableJWKSecurity: the tag has no omitempty; the zero value is false.
	// NOTE(review): presumably feeds SecretProviderConfig.AllowInsecure and
	// permits fetching the JWK set without transport protection (cf.
	// ErrInsecureJWKSource) — confirm, and keep false in production.
	DisableJWKSecurity      bool       `json:"disable_jwk_security"`
	// Fingerprints: NOTE(review): presumably encoded fingerprints that
	// DecodeFingerprints converts to bytes for pinning — confirm encoding.
	Fingerprints            []string   `json:"jwk_fingerprints,omitempty"`
	LocalCA                 string     `json:"jwk_local_ca,omitempty"`
	LocalPath               string     `json:"jwk_local_path,omitempty"`
	SecretURL               string     `json:"secret_url,omitempty"`
	// CipherKey: the JSON key is spelled "cypher_key", not "cipher_key".
	// NOTE(review): presumably secret key material — confirm, and keep the
	// value out of logs and version control.
	CipherKey               []byte     `json:"cypher_key,omitempty"`
	Scopes                  []string   `json:"scopes,omitempty"`
	ScopesKey               string     `json:"scopes_key,omitempty"`
	// ScopesMatcher: NOTE(review): presumably selects among
	// ScopesAllMatcher, ScopesAnyMatcher and ScopesDefaultMatcher; the
	// accepted strings and the default are not shown here — confirm,
	// because "any" versus "all" changes who is authorized.
	ScopesMatcher           string     `json:"scopes_matcher,omitempty"`
	KeyIdentifyStrategy     string     `json:"key_identify_strategy"`
	// OperationDebug: NOTE(review): presumably enables verbose logging —
	// confirm that tokens and claims are not written to logs when set.
	OperationDebug          bool       `json:"operation_debug,omitempty"`
}

func GetSignatureConfig

func GetSignatureConfig(cfg *config.EndpointConfig) (*SignatureConfig, error)

type Signer

type Signer func(interface{}) (string, error)

type SignerConfig

// SignerConfig is the signer configuration returned alongside a Signer by
// NewSigner. Every field carries a JSON tag; the tag, not the Go field name,
// is what a config file must use. The per-field notes below are inferred from
// names and tags; the code that reads these fields is not visible here.
type SignerConfig struct {
	Alg                string   `json:"alg"`
	// KeyID is configured as "kid".
	KeyID              string   `json:"kid"`
	// URI is configured as "jwk_url". NOTE(review): for a signer the JWK
	// set presumably contains private key material — confirm, and protect
	// the source and the transport accordingly.
	URI                string   `json:"jwk_url"`
	FullSerialization  bool     `json:"full,omitempty"`
	// KeysToSign has the same []string type as the keys parameter of
	// SignFields.
	KeysToSign         []string `json:"keys_to_sign,omitempty"`
	CipherSuites       []uint16 `json:"cipher_suites,omitempty"`
	// DisableJWKSecurity: the tag has no omitempty; the zero value is false.
	// NOTE(review): presumably permits fetching the JWK set without
	// transport protection (cf. ErrInsecureJWKSource) — confirm, and keep
	// false in production.
	DisableJWKSecurity bool     `json:"disable_jwk_security"`
	Fingerprints       []string `json:"jwk_fingerprints,omitempty"`
	LocalCA            string   `json:"jwk_local_ca,omitempty"`
	LocalPath          string   `json:"jwk_local_path,omitempty"`
	SecretURL          string   `json:"secret_url,omitempty"`
	// CipherKey: the JSON key is spelled "cypher_key", not "cipher_key".
	// NOTE(review): presumably secret key material — confirm, and keep the
	// value out of logs and version control.
	CipherKey          []byte   `json:"cypher_key,omitempty"`
}

type TokenIDGetter

// TokenIDGetter derives from a parsed token the string used to look up its
// verification key. TokenIDGetterFactory picks an implementation from a
// strategy string; the package exports DefaultTokenKeyIDGetter,
// X5TTokenKeyIDGetter and CompoundX5TTokenKeyIDGetter with the matching
// signature.
// NOTE(review): the value presumably comes from the token's header, which is
// attacker-supplied until the signature has been verified — confirm that it
// is used only to select a key from the trusted set.
type TokenIDGetter interface {
	Get(*jwt.JSONWebToken) string
}

func TokenIDGetterFactory

func TokenIDGetterFactory(keyIdentifyStrategy string) TokenIDGetter

type TokenKeyIDGetterFunc

type TokenKeyIDGetterFunc func(*jwt.JSONWebToken) string

func (TokenKeyIDGetterFunc) Get

Directories

Path Synopsis
